Refine your search
5 vulnerabilities found for SiPass integrated by Siemens
CVE-2025-40774 (GCVE-0-2025-40774)
Vulnerability from cvelistv5
Published
2025-10-14 09:15
Modified
2025-10-14 19:03
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.7 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
6.7 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.
Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Version: 0 < V3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:00:56.197262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:03:05.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.\r\n\r\nSuccessful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:21.139Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40774",
"datePublished": "2025-10-14T09:15:21.139Z",
"dateReserved": "2025-04-16T08:39:30.033Z",
"dateUpdated": "2025-10-14T19:03:05.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40773 (GCVE-0-2025-40773)
Vulnerability from cvelistv5
Published
2025-10-14 09:15
Modified
2025-10-14 19:00
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.1 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.1 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request.
Successful exploitation allows an attacker to potentially manipulate data belonging to other users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Version: 0 < V3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:00:31.582611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:00:40.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request.\r\n\r\nSuccessful exploitation allows an attacker to potentially manipulate data belonging to other users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:19.971Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40773",
"datePublished": "2025-10-14T09:15:19.971Z",
"dateReserved": "2025-04-16T08:39:30.033Z",
"dateUpdated": "2025-10-14T19:00:40.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40772 (GCVE-0-2025-40772)
Vulnerability from cvelistv5
Published
2025-10-14 09:15
Modified
2026-02-10 09:58
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.0 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page.
Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Version: 0 < V3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:00:06.441835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:00:19.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page.\r\n\r\nSuccessful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T09:58:40.252Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40772",
"datePublished": "2025-10-14T09:15:18.788Z",
"dateReserved": "2025-04-16T08:39:30.033Z",
"dateUpdated": "2026-02-10T09:58:40.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-31812 (GCVE-0-2022-31812)
Vulnerability from cvelistv5
Published
2025-05-23 15:03
Modified
2025-05-23 17:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Version: 0 < V2.95.3.18 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T17:01:12.871336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T17:01:19.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.95.3.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T15:03:39.864Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-041082.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-31812",
"datePublished": "2025-05-23T15:03:39.864Z",
"dateReserved": "2022-05-30T10:21:52.588Z",
"dateUpdated": "2025-05-23T17:01:19.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31810 (GCVE-0-2022-31810)
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2025-03-05 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.
This could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Version: All versions < V2.90.3.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:38:55.893124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:54:24.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.90.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.\r\n\r\nThis could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:03.150Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-31810",
"datePublished": "2023-07-11T09:07:03.150Z",
"dateReserved": "2022-05-30T10:21:52.587Z",
"dateUpdated": "2025-03-05T18:54:24.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}